[U-Boot] Non-secure switch in U-boot

Discussion:

Shabbir Khan

2014-06-12 11:32:51 UTC

Hi,

I am working on Xilinx's zynq zc702 board on which i am trying to boot
U-boot in Non-secure state, but unfortunately i am not making it boot,
through ARM DS-5 debugger, i traced the code flow, once booting process
enters into NS world abort is taking place. Do i need to set up any stacks
for NS world ? How it retrieves secure contents and continue booting from
where secure boot lefts?

Please me help i got strucked with this problem.

Best Regards
Shabbir

Thomas.Betker

2014-06-12 15:18:22 UTC

Permalink

Post by Shabbir Khan
I am working on Xilinx's zynq zc702 board on which i am trying to boot
U-boot in Non-secure state, but unfortunately i am not making it boot,
through ARM DS-5 debugger, i traced the code flow, once booting process
enters into NS world abort is taking place. Do i need to set up any stacks
for NS world ? How it retrieves secure contents and continue booting from
where secure boot lefts?
Please me help i got strucked with this problem.

I am missing some details here. I am assuming that you use Xilinx' FSBL,
which in turn starts u-boot (from SD card). Your FSBL is encrypted (as
required for secure boot), and u-boot may or may not be encrypted. Is all
this correct?

As far as I know, u-boot shouldn't see any difference between secure and
non-secure boot then; the binary that is run after decryption is the same
as the unencrypted binary.

My guess would be that either your FSBL is not encrypted, or something
else went wrong when generating and installing the boot image.

Best regards,
Thomas Betker

Shabbir Khan

2014-06-13 04:51:19 UTC

Permalink

Hi Tim,

Thanks for reply.
Yes. FSBL is encrypted and is used to start u-boot.
My problem is, by default since cortex-a9 is trustzone compliant it boots
in secure state, but i want to switch dynamically to non-secure state by
calling smc #0 in start.S of my u-boot. Since I have successfully set up
the vector table, MVBAR register and by writing to cp15 SCR, i am able to
enter into Normal world. Once normal state is entered, stack pointer points
to 0x0, and when i tried to boot it goes to ABT(abort) mode.

I want to boot my linux in Non-secure world at the end, that's why, first i
am trying at u-boot level.

Best Regards
Shabbir

Post by Shabbir Khan

stacks

Post by Shabbir Khan
for NS world ? How it retrieves secure contents and continue booting

from

Post by Shabbir Khan
where secure boot lefts?
Please me help i got strucked with this problem.

I am missing some details here. I am assuming that you use Xilinx' FSBL,
which in turn starts u-boot (from SD card). Your FSBL is encrypted (as
required for secure boot), and u-boot may or may not be encrypted. Is all
this correct?
As far as I know, u-boot shouldn't see any difference between secure and
non-secure boot then; the binary that is run after decryption is the same
as the unencrypted binary.
My guess would be that either your FSBL is not encrypted, or something
else went wrong when generating and installing the boot image.
Best regards,
Thomas Betker

Thomas.Betker

2014-06-13 09:50:21 UTC

Permalink

Post by Shabbir Khan
Yes. FSBL is encrypted and is used to start u-boot.
My problem is, by default since cortex-a9 is trustzone compliant it boots
in secure state, but i want to switch dynamically to non-secure state by
calling smc #0 in start.S of my u-boot. Since I have successfully set up
the vector table, MVBAR register and by writing to cp15 SCR, i am able to
enter into Normal world. Once normal state is entered, stack pointer points
to 0x0, and when i tried to boot it goes to ABT(abort) mode.
I want to boot my linux in Non-secure world at the end, that's why, first i
am trying at u-boot level.

Okay, thanks for the clarification. However, this is an area where I
haven't worked on myself yet (lots of Zynq experience here, but just
starting on secure boot). Perhaps some ARM expert might help ...?

Best regards,
Thomas